With the boom in hybrid work linked to the Covid-19 crisis, hackers are redoubling their efforts to break into computer systems. According to a 2020 Tanium study, 90% of companies have recorded an increase in cyberattacks since March 2020. Given that a cyberattack costs a VSE or SME¹ about €35,000, this risk is not to be taken lightly! To fight this growing threat, the IT department must, more than ever, invest in IT security. In this article, we present the main cyber-risks to take into account and the best practices to adopt to secure the data shared by your employees working remotely.
What are the cyber-risks?
Phishing, which involves collecting company data for malicious use, is the leading cause of computer security incidents in a remote work environment. This is the conclusion of Tessian’s “Securing the Future of Hybrid Working” report. For example, between March and July 2020, one in three organizations saw an increase in ransomware attacks from phishing emails. These figures are also confirmed by a 2020 Deloitte study, according to which 25% of employees have observed an increase in fraudulent emails and phishing attempts since the beginning of the Covid-19 crisis.
In addition to phishing, internal threats are also involved: according to Tessian, 43% of security incidents are related to phishing. For example, between March and June 2020, nearly half of all companies were victims of data leakage.² These internal threats, which are often the result of negligence on the part of employees, are the most difficult for the IT department to control. The best way to avoid these dangerous behaviors is to give greater visibility to cyber risks, raise employee awareness, and set up control mechanisms to prevent certain behaviors (for example: employees copying company data when they leave).
Popularized in the 2000s, the BYOD (Bring Your Own Device) policy is increasingly used in companies, especially by teleworkers. According to the 2018 Bitglass report, 85% of companies would allow their employees to work on their personal devices. But if not properly managed, such a policy can significantly increase cyber risks, such as data loss or leakage, phishing, virus infiltration or shadow IT.
Many companies raise little or no awareness of these risks among their employees. For example, more than half of the employees who worked remotely during the first lockdown said they had not received any training to combat cyber threats.³
The multiplication of devices used, especially smartphones, is also an important element to take into account. Indeed, according to the Verizon Mobile Security Index 2020, almost 40% of companies report having faced an attack on their employees’ mobile devices.
Finally, teleworking and BYOD also tend to increase shadow IT, i.e. the use of hardware or software not authorized by the IT department. This phenomenon, which makes organizations more vulnerable to cyber attacks, lacks visibility. According to CESIN’s Shadow IT report, employees use an average of 1,700 cloud applications in a company, while the IT department only lists 30 to 40.
As a result, almost 50% of CIOs consider this to be a major risk while working remotely.⁴ However, only 22% of companies say they have strict rules in place to manage this threat.⁵
CIO best practices
This part of the article is taken from the White Paper “Future of Work: Make Way for Hybrid Work!”
Securing the work environment
To guarantee data security, the IT department must give priority as much as possible to the use of equipment provided by the company, which will have been secured beforehand. If your company nevertheless wishes to maintain a BYOD policy, you should not forget to give clear security guidelines to employees on what they must do to minimize cybersecurity risks.
The CIO (Chief Information Officer) can also set up a virtual private network (VPN), which will protect the confidentiality of company data, even when employees are working remotely. In addition, a mailbox or a dedicated conversation group (on your internal social network, for example) can be created to report any security problems.
Working in hybrid mode also means centralizing all your data on a private cloud, which will allow employees to access their documents anytime and anywhere. However, the company will need to ensure that the data is hosted in Europe, and not in the United States, so that it cannot be transmitted to the American authorities (in accordance with the Cloud Act).
Accompanying and training employees
Employees are not always aware of cybersecurity threats. It’s therefore essential to make them aware of this subject, and to teach them how to recognize fraudulent emails. For example, the company can give employees a checklist of best practices to implement: using a password manager, activating two-factor authentication, regularly updating applications, using only one’s professional computer for work, and so on.
In order to minimize shadow IT, the CIO must provide employees with a list of authorized applications, but also remain attentive to their needs and let them know that he remains open to the implementation of new tools.
Implementing the right tools
If the current tools do not seem to meet the needs of employees, the CIO can encourage employees to share the applications they use. He can then check whether these tools are sufficiently secure for the organization and, if not, suggest alternatives that are more suitable.
Switching to a hybrid work mode requires companies to implement tools that are adapted to the new ways of working of employees, and enable them to communicate and collaborate remotely. To take advantage of all these features, many companies are choosing the digital workplace: a secure virtual office that brings together all the applications used by employees in the same place.
To guarantee the security of your company’s data, whether you are working from home or in the office, you must first and foremost make your employees aware of the challenges of cybersecurity, particularly through training, but also by disseminating best practices. Choosing the right tools is also essential. Indeed, when employees have modern tools that are really adapted to their needs, they’re less likely to download applications without the knowledge of the IT department. The company is then less vulnerable to cyber attacks.
Do you want to know more about the challenges and best practices of a hybrid way of working combining telework and office work? Read our white paper on this subject:
In our white paper “The Future of Work: Make Way for Hybrid Work!” you’ll discover the eight main challenges of hybrid work; the best practices to be adopted by managers, HR, internal communication, IT and employees; and the tools to be implemented to facilitate hybrid work.
Author: Emmanuelle Abensur